-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #36365 - Drop usage of sudo for any pulpcore-manager commands #727
Conversation
Issues: #36365 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Technically we should run all pulpcore-manager
commands as the pulp
user. Especially when it writes files that's crucial. When running as root, then you can end up with file permission problems.
IMHO we need some wrapper for pulpcore-manager
with the correct env vars etc.
I do agree and that is what my initial thought was. The same is mentioned in the BZ as well. But so far, these commands are being executed as the root user only ( with sudo ) and things are working just fine. I also discussed with the Pulp team about it and they confirmed that If I am passing
along with the If your recommendation remains the same, Then I can try to think of something about that wrapper or else I would have to call both the commands in this way i.e. |
While it's true that when it's DB-only it's fine, it is a problem when root starts to write files to The correct tool for switching user in scripts is |
And to add on, Both of these commands ( from where sudo is being removed ) are performing database-level actions ( on pulpcore ) as database user pulp and the user is being picked up from |
I just noticed this one and yes, Agreed. Writing on disk as root is super bad but fortunately, neither of these actions is doing so. And also, whether it's runuser or su, as pulp is associated with nologin shell, we need to pass I will wait for your final recommendation here and take the necessary actions as per the same. |
Pushed changes in the commit as per previous suggestions. Now foreman_maintain should run the pulpcore db migration and trim-changelogs steps as @ekohl Please, Let me know if that looks good to you or if any other recommendations would be there |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can avoid the additional shell by using runuser -u pulp
.
# getent passwd pulp
pulp:x:974:964::/var/lib/pulp:/sbin/nologin
# runuser - pulp id
This account is currently not available.
# runuser -u pulp id
uid=974(pulp) gid=964(pulp) groups=964(pulp) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
And I'm pretty sure DJANGO_SETTINGS_MODULE
isn't needed. pulpcore-manager
is precisely that. See https://github.com/pulp/pulpcore/blob/7c6d59f5f302efab669e335a23f1912eae739f2c/pulpcore/app/manage.py#L7 for details. Sadly it doesn't set PULP_SETTINGS
either but you can't have it all.
So I think PULP_SETTINGS=/etc/pulp/settings.py runuser -u pulp pulpcore-manager $COMMAND
would be the best invocation.
Given y'all have aligned on a common structure for calling commands, adding that as a function in |
I actually had tried it but it failed and my mistake was that I passed And I never removed Now, even if I have this working i.e.
as soon as i try the same with migrate, It will not work . Examples:
That is why I resorted to the generic approach i.e. |
I'ts probably interpreting |
It does the trick.. I have force pushed the changes now. |
If root is not allowed to use sudo , users will bound to run into either of these issues during upgrade or restore
or
Since we anyway run foreman-maintain\satellite-maintain as the root user, Let's remove the usage of sudo to run those commands normally.
I did a test for restore and upgrade with these changes and they worked just fine.
It would also probably need to go in 1.2.X ( if any future releases are planned )